<?php require_once("admin-header.php");?>
<?php 
	if (!(isset($_SESSION['administrator'])|| isset($_SESSION['password_setter']) )){
	echo "<a href='../loginpage.php'>Please Login First!</a>";
	exit(1);
}
if(isset($_POST['do']))
{
	//echo $_POST['user_id'];
	require_once("../include/check_post_key.php");
	//echo $_POST['passwd'];
	require_once("../include/my_func.inc.php");
	
		$user_id=$_POST['user_id'];
    $nick =$_POST['nick'];
    $school =$_POST['school'];
    $contestants =$_POST['contestants'];
    if (get_magic_quotes_gpc ()) 
    {
			$user_id = stripslashes ( $user_id);
			$nick = mysql_real_escape_string(htmlspecialchars ($nick));
			$school = mysql_real_escape_string(htmlspecialchars ( $school));
			$contestants = mysql_real_escape_string(htmlspecialchars ( $contestants));
		}
	$user_id=mysql_real_escape_string($user_id);
	$nicklen = strlen($nick);
	$schoollen = strlen($school);
	$contestantslen = strlen($contestants);
	$bj=false;
	if($nicklen || $schoollen || $contestantslen)
	{
		$sql="update `users` set ";
		if($nicklen) {$sql.="`nick`='$nick'"; $bj=true;}
		if($schoollen) {if($bj) $sql.=",";$sql.="`school`='$school'"; $bj=true;}
		if($contestantslen) {if($bj) $sql.=",";$sql.="`email`='$contestants'";}
		$sql.=" where `user_id`='$user_id'  and user_id not in( select user_id from privilege where rightstr='administrator') ";
		echo $sql;
		mysql_query($sql);
		if (mysql_affected_rows()==1) echo "Info Changed!";
  	else echo "No such user! or He/Her is an administrator!";
	}
  else echo "Nothing Changed!";
		
}
?>
<form action='changeinfo.php' method=post>
	<b>Change Information:</b><br />
	User:&nbsp&nbsp<input type=text size=30 name="user_id"><br />
	Name:&nbsp&nbsp<input type=text size=30 name="nick"><br />
	School:<input type=text size=30 name="school"><br />
	Member:<input type=text size=30 name="contestants"><br />
	<?php require_once("../include/set_post_key.php");?>
	<input type='hidden' name='do' value='do'>
	<input type=submit value='Change'>
</form>
